This design flaw is certainly real, and is one of the many reasons why we have started migrating to a new design. In short, when the Agile Keychain Format was designed (in 2008), we weren't aware of all of the various problems that come from using unauthenticated CBC mode encryption.

I could plead that we were in reasonably good company in making that kind of error, but as I've since learned, research in academic cryptography had been telling people not to use unauthenticated encryption for more than a decade. This is why today we aren't just looking at the kinds of attacks that seem practical, but we are also paying attention to security theorems.

The new data format, which we are tentatively calling the 1Password4 Cloud Keychain Format (until we can come up with a better name), was introduced in December 2012 for 1Password 4 on iOS, and it will be rolled out to all platforms in the not-so-distant future.

We still use CBC in the new format, but padding is random (the length of the pad is stored outside of the ciphertext), and we use an Encrypt-then-MAC construction for authenticated encryption with additional data. Key derivation now involves PBKDF2-HMAC-SHA512.
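
An added example, not part of the original post and not 1Password's code or data format: the verify-before-decrypt order of Encrypt-then-MAC, with the externally stored pad length authenticated as additional data. The record layout, the `MAGIC` marker, the HMAC-SHA256 tag, the 32/32 key split and the iteration count are assumptions, and the AES-CBC ciphertext is a constructed stand-in.

```python
import hashlib
import hmac
import struct

MAGIC = b"demo1"              # hypothetical record marker
HDR_LEN = len(MAGIC) + 5      # marker + 1-byte pad length + 4-byte ciphertext length
IV_LEN, TAG_LEN = 16, 32      # AES block size, HMAC-SHA256 tag size (assumed MAC)

def derive_keys(password, salt, iterations):
    """PBKDF2-HMAC-SHA512 gives 64 bytes; assumed split into encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)
    return okm[:32], okm[32:]

def seal(mac_key, pad_len, iv, ciphertext):
    """Tag covers the header (pad length included), the IV and the ciphertext."""
    body = MAGIC + struct.pack("<BI", pad_len, len(ciphertext)) + iv + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_record(mac_key, record):
    """Check the tag before parsing anything; return (pad_len, iv, ciphertext)."""
    if len(record) < HDR_LEN + IV_LEN + TAG_LEN:
        raise ValueError("record too short")
    body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed")
    if body[:len(MAGIC)] != MAGIC:
        raise ValueError("unknown record type")
    pad_len, ct_len = struct.unpack("<BI", body[len(MAGIC):HDR_LEN])
    iv, ciphertext = body[HDR_LEN:HDR_LEN + IV_LEN], body[HDR_LEN + IV_LEN:]
    if len(ciphertext) != ct_len or ct_len % 16 or pad_len > ct_len:
        raise ValueError("inconsistent lengths")
    return pad_len, iv, ciphertext   # only now is it safe to hand these to AES-CBC

def demo():
    # Constructed values; the 32 "ciphertext" bytes stand in for real AES-CBC output.
    _enc_key, mac_key = derive_keys(b"constructed password", b"constructed-salt", 10_000)
    record = seal(mac_key, 7, bytes(16), bytes(range(32)))
    tampered = bytearray(record)
    tampered[HDR_LEN + 3] ^= 0x01            # flip one bit of the IV
    try:
        open_record(mac_key, bytes(tampered))
    except ValueError as err:
        return open_record(mac_key, record)[0], str(err)
    return None

if __name__ == "__main__":
    print(demo())
```

Because the tag is checked over the header, IV and ciphertext before any field is parsed or decrypted, a modified pad length, IV or ciphertext block is rejected with the same error and never reaches the CBC decryption step.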